Why You Should Gamify Your Cybersecurity Training

With big data breaches occurring almost weekly, companies are looking for ways to tighten up their cybersecurity training. Information security risks continue to evolve, and employees must be educated on the latest security vulnerabilities and encouraged to adapt their behaviors to address such exposures.

The latest big data breach? Equifax. One of the nation’s three largest credit reporting companies was breached this summer, and the hackers stole social security numbers, birthdates, names, addresses and more. With so much at stake, companies are aggressively searching for more effective ways to train their employees and are increasingly turning to game-based learning.

A recent report suggests that human error caused 28% of data breaches last year. Companies have begun to prioritize training their staff to recognize security threats and prevent them from happening. Instead of turning to traditional training methods, businesses are looking for innovative and immersive solutions such as game-based training. Beaumont Health Systems is one such company that is taking extra precautions by gamifying their training content.

Scott Larsen, manager of cybersecurity operations for the company, explained, “Our previous security training was death by PowerPoint,” Larsen said. “It was very non-interactive, very sterile and uninteresting. It did not capture the interest of the end user. The responses we got was ‘this is not useful to me, it’s a waste of time, I don’t understand why it’s necessary,’ comments like that. The employee engagement was very challenging.”

Deloitte is another company that has gamified its training content. Marc MacKinnon, Cyber Risk Services Partner at Deloitte Canada, reported, “At Deloitte, we are seeing an uptake in innovative gamified cybersecurity training solutions. Organizations are creating online communities that enable employees to enter into friendly social competition and get rewarded to be security champions.”

It’s critical that companies help their employees understand the nuances of cyberthreats, and by giving them a safe place to simulate real-life situations, they are helping to prevent the next big data breach from human error. Integrating game-based training into cybersecurity training can be extremely beneficial to any organization.

Below are a few tips to improve and strengthen your cybersecurity training program and management:

1. Make training content more digestible. Transform your training content from long-form PowerPoints and videos into microcontent delivery and short-form challenges. By shortening each lesson and turning them into employee missions, such as 10 minutes of training every week for six weeks instead of one hour at a time, you will engage your employees more and drive higher retention.

2. Add interactive components. Create goals for all employees and celebrate success publicly with points, badges and leaderboards. The use of gamification can drive competition and turn individual training into a company-wide discussion. Whether it be gamification or game-based learning, employees clearly want a different type of training; 77% of employees find game-based training to be more effective than traditional training methods. Higher engagement means employees are learning and interacting with the content and thus improving retention. Employees will adopt positive behavior changes through game repetition, and content will be retained at a higher rate.

3. Recognize top performers with rewards. Often the best types of rewards are memorable and low-cost. From a plaque in the hallway to a hand-written note from a manager to lunch with the CEO, each has the potential to go a long way.

Completely eliminating any cyber risk is a challenge, but with the right tools and skills, employees will be able to adapt to and understand the processes. An effective game-based learning environment enables employees to work toward a goal, choose actions and experience consequences, all in a risk-free setting, resulting in changed behavior and reduced risk.

 

Find this article published at Forbes.com